Conclusion

The ultimate end to most software exploits involves the installation of a rootkit. Rootkits provide a way for attackers to return at will to machines that they "own." Thus rootkits, like the one we discuss in this chapter, are extremely powerful. Ultimately, rootkits can be used

Exploiting Software How to Break Code

Rootkits may be run locally or they may arrive via some other vector, like a worm or a virus.

ByGreg Hoglund,Gary McGraw

Like other kinds of malicious code, rootkits thrive on stealthiness. They hide themselves away

from standard system observers, using hooks, trampolines, and patches to get their work

Publisher: Addison Wesley

done. In this chapter, we have only scratched the surface of rootkits—a subject deserving a

Pub Date: February 17, 2004

book of its own.

ISBN: 0-201-78695-8

Pages: 512

How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers.

Exploiting Softwareis loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.

This must-have book may shock you—and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about

Why software exploit will continue to be a serious problem

When network security mechanisms do not work

Attack patterns

Reverse engineering

Classic attacks against server software

Surprising attacks against client software

Techniques for crafting malicious input

The technical details of buffer overflows

Rootkits

Exploiting Softwareis filled with the tools, concepts, and knowledge necessary to break

software.